Authentication systems

ABSTRACT

An authentication system is provided for authenticating a user&#39;s signature as electronically inputted into the system by a mouse or other manual input device providing an output indicative of its location when manipulated by the user. The system serves to extract angle and distance data relating different parts of the user&#39;s signature inputted into the system, and to store corresponding angle and distance data relating to a reference signature as previously inputted into the system during a training procedure. The extracted data is then compared by the system to the reference data stored by the system, and, where appropriate an output indicative of an appropriate match between the inputted signature and the reference signature is provided in dependence on the result of the comparison. Such a system provides an on-line dynamic biometric verification system that can be customised to multiple Internet based applications requiring secure authentication. The system requires no specialised equipment at the point of use, allowing access from any Internet capable computer with a mouse and Java compliant browser for example.

This invention relates to authentication systems.

With the increasing usage of the internet as a business and social toolit is becoming more important that secure access to sensitive andpersonal information can be provided. Biometrics, the application ofstatistical analysis to identify an individual through their biologicalor physiological characteristics, is emerging as a key aspect in newsecurity systems. Using biometrics it is possible to avoid pitfallsencountered by traditional security systems where users are required tokeep a piece of information, such as a password, safe.

There are two types of biometric verification systems, classified by thetype of biometric used; static or dynamic. Static biometric systemsremain stable over time (barring injury), and examples of such biometricsystems include fingerprinting systems, iris and retinal scan systemsand hand geometry measurement systems. Dynamic biometric systems aresubject to change over time, and examples of such biometric systemsinclude signature systems, voice print systems and typing style systems.However such systems generally require specialised equipment at thepoint of use, thus rendering such systems unsuitable for multipleInternet based applications requiring secure authentication.

It is an object of the invention to provide an authentication systemwhich is particularly suitable for multiple Internet based applications,as well as for a wide variety of other applications.

According to the present invention there is provided an authenticationsystem for authenticating a user's signature as electronically inputtedinto the system by a manual input device providing an output indicativeof its location with respect to time when manipulated by the user, thesystem comprising:

-   (a) extraction means for extracting angle and distance data relating    different parts of the user's signature inputted into the system by    the input device;-   (b) reference means for storing corresponding angle and distance    data relating to a reference signature;-   (c) comparison means for comparing the data extracted by the    extraction means to the reference data stored by the reference    means; and-   (d) verification means for providing an output indicative of an    appropriate match between the inputted signature and the reference    signature in dependence on the result of the comparison providing    verification of the user's signature.

Such a system can provide an on-line dynamic biometric verificationsystem that can be customised to multiple Internet based applicationsrequiring secure authentication. The system requires no specialisedequipment at the point of use, allowing access from any Internet capablecomputer with a mouse and Java compliant browser for example.

In this context it should be appreciated that the term “signature” isused in this specification to denote an electronic representation of anactual signature (the actual signature consisting of a distinctiverepresentation of the user's name or any other distinctive pattern orrepresentation, such as an emblem, mark or pictogram produced by theuser), this electronic representation comprising in practice electronicdata constituting an abstraction of the actual signature, for example byincorporating extracted angle and distance data relating to thesignature as will be described more fully below. Furthermore the term“reference signature” is used to denote an electronic representation ofa hypothetical authentic signature to which the inputted signature is tobe compared, this hypothetical authentic signature comprising dataconstituting an abstraction of the actual signature extracted from anumber of samples of the actual signature and possibly varying with timeas further examples of the actual signature are sampled.

It should also be appreciated that the term “authentication system” isto be interpreted as including within its scope not only systems forverifying a user's signature, for example for providing access to a bankaccount, but also systems for identifying individuals based on an inputsignature, for example in airport security. This identification isaccomplished by comparing the input signature with stored referencesignatures for a match above a degree of confidence.

In order that the invention may be more fully understood, reference willnow be made, by way of example, to the accompanying drawings, in which:

FIG. 1 is a diagram showing success steps in extraction of angle anddistance data in relation to a user's signature in a system according tothe invention;

FIG. 2 is a diagram representing splitting of a user's signature for thepurposes of data extraction;

FIGS. 3 and 4 are diagrams contrasting the data relationships obtainedwith the splitting of a user's signature in accordance with FIG. 2 andaccording to a ranking approach;

FIG. 5 is a flow diagram illustrating password and signatureauthentication in the system according to the invention;

FIG. 6 is a block diagram of the system according to the invention;

FIGS. 7 and 8 are flow diagrams illustrating signature and passwordregistration in the system according to the invention; and

FIG. 9 is a flow diagram of training used in the system according to theinvention.

The following description is given with reference to a preferredauthentication system in accordance with the invention which has beenshown in trials to give both a low false accept rate (FAR) and a lowfalse reject rate (FRR). However it will be appreciated that manyvariations in such a system are possible within the scope of theinvention, and that the choice of particular parameters, sample ratesand verification procedures will depend on the particular application towhich the system is to be applied. Furthermore the description of thesystem will be given with reference to accessing of the system over theInternet by a user making use of a mouse and keyboard connected to apersonal computer (PC). Of course, other types of input device, such asa stylus tablet, can be used with systems in accordance with theinvention, and such systems can be applied to any application in whichsignature authentication is required and are not simply limited tointernet access applications.

The description of the system given below will be divided into adescription of the manner in which the system authenticates a user, adescription of the manner in which the user initially registers on thesystem, and a description of the manner in which the system is trained.

Authentication

A key feature of the preferred authentication system in accordance withthe invention is the ability to match parameters of a signature inputtedby the user into the system using the mouse with the correspondingparameters of a reference signature held within the system. Spatialco-ordinates are extracted by the system from the inputted usersignature, as shown at A in FIG. 1 for example, to obtain a signaturetrace as shown at B in FIG. 1, each spatial co-ordinate beingaccompanied by a temporal value. This signature trace is then normalisedsuch that it contains say 100 temporally equidistant points using lineartime warping. The signature is normalized so that its arc length is 1and so that the total time taken to produce the signature is 1.

From the normalised signature trace the system extracts say 10 relativeangle parameters (an angle between vectors to two points) and say 10relative distance parameters (a Euclidean distance between two points).In order to extract points that provide a high between-class varianceand low within-class variance (i.e. so that the features are as uniqueas possible) the system uses a genetic algorithm (GA) to extract thesefeatures from the normalized signature. The GA is evolved using standardcrossover, mutation and selection, and can be defined using thefollowing relationships.

The Euclidean distance, D_(ij), between two points S_(i)=(x_(i),y_(i))and S_(j)=(x_(j),y_(i)), where (0≦i<j<N′)

(i=N′−1, j=0), in a linearly time warped signature containing N′ pointsis given by:D _(ij)={square root}{square root over ((x _(j) −x _(i))²+(y _(j) −y_(i))²)}  (Eq. 1)An example of such a distance D1 between two points in the trace isshown at C in FIG. 1.

The vector associated with a point, S_(i), is obtained by the functionV(S), which returns either a vector from the previous point to thecurrent point, or from the last point to the first point in the trace.V(S _(i))={overscore (S _(i) −S _(i-1))}, if i>0V(S _(i))={overscore (S _(i) −S _(N′-1))}otherwise  (Eq. 1),where {overscore (S)} indicates vector normalisation. Two such vectorsV1 and V2 are shown at C in FIG. 1 by way of example.The angle, A_(ij), from S_(i) to S_(j) where (0≦i<j<N′)

(i=N′−1, j=0), is obtained from the function ζ, which returns theclockwise angle between the two vectors (as shown at D in FIG. 1 for thevectors V1 and V2):A _(ij)=ζ(V(S _(i)), V(S _(j))))  (Eq. 3)where V(S_(x)) is defined by Equation 2.

The fitness for a pair of points (i.e. a single gene) is given by:$\begin{matrix}{{{fitness}(G)} = {\sqrt{\left( {{n{\sum\limits_{k = 0}^{n}{f\left( x_{k} \right)}^{2}}} - \left( {\sum\limits_{k = 0}^{n}{F\left( x_{k} \right)}} \right)^{2}} \right)/{n\left( {n - 1} \right)}} - \left( {{{j - i}}/N^{\prime}} \right)}} & \left( {{Eq}.\quad 4} \right)\end{matrix}$

-   -   where G is a gene containing the reference number of two points        in the signature, that is G=(S_(i), S_(j)) for signature point i        and signature point j, and where n is the number of signatures        input by a specific user during registration and ƒ(x_(k)) is a        function that calculates either the angle (A_(ij)) or distance        (D_(ij)) between the points S_(i) and S_(j).

The fitness for the set of features (i.e. the chromosome) is given by:$\begin{matrix}{{CF} = {{\sum\limits_{i = 1}^{g}{{{fitness}\left( G_{i} \right)}/g}} + \alpha + \beta + \chi}} & \left( {{Eq}.\quad 5} \right)\end{matrix}$

-   -   where g is the number of genes in the population and        fitness(G_(i)) is defined by Equation 4. The function α        penalises chromosome fitness in proportion to the fitness of the        worst gene, using the function (Min(1.0−standard deviation        (G_(0 . . . i)))). To ensure that relationships are well        distributed the signature is divided into g sections, as shown        in FIG. 1 at B. The function β then returns a bonus for each        section containing a from point (S_(i) in G=(S_(i), S_(j))) and        the function X returns a bonus for each section containing a to        point (S_(j) in G=(S_(i), S_(j))).

The parameters that are extracted by the system from the signature areillustrated in FIG. 1, and examples of relationships that are identifiedby these parameters are shown in FIGS. 2, 3 and 4. Although the GA usageis considered important it may be possible to extract the angle anddistance relationships using other techniques. It is the obtaining ofthese angle and distance relationships such that they are sufficientlyunique that is the most important criterion to obtain the requiredaccuracy of authentication.

The set of angle values and the set of distance values extracted for aparticular user are used to represent their signature. To this end thesystem incorporates two neural networks, each containing ten inputnodes, that is one network for the 10 angle parameters and one networkfor the 10 distance parameters.

Referring to the flow diagram of FIG. 5, in use of the system toauthenticate a user's signature the user must enter their user name intothe system by means of the keyboard to identify themselves to thesystem. The user's template file is retrieved by the system in responseto entry of the user name, this template file having been previouslyencrypted using a standard encryption algorithm during compilation ofthe template file as will be described below. The user must then entertheir password. During this password entry the system records timinginformation in addition to the password string. Password verification isprovided in a two-stage process, firstly by a string match stepindicated at 2 and secondly by a keyboard dynamics (KD) verificationstep shown at 4 in FIG. 5. In the event of a match between the inputtedword and the password in the user's template file, logic 3 initiates theKD verification step at 4, whereas, in the event of such a match notbeing found, the logic 3 initiates a reject indication in a rejectauthentication step 6. Where a match is found the timing with which thepassword was entered by the user on the keyboard is then verified in theKD verification step shown at 4. In the event of a match between theinputted KD and the KD in the user's template file, logic 5 enablessignature validation at 8, whereas, in the event of such a match notbeing found, the logic 5 initiates a reject indication in the rejectauthentication step 6. In this regard it should be noted that, even if astring match or KD match is not found, the user must still enter thesignature. A reject message is then provided at the end of the inputsequence so that an imposter is not able to determine what particularpart of the input sequence has resulted in such rejection.

The user must then enter their signature by appropriately manipulatingthe mouse to initiate signature validation at 8 in FIG. 5. Both spatialand temporal information in relation to inputting of the signature mustbe gathered for the system to function correctly, though this may not bethe case if specialised hardware is used that provides equidistanttiming samples (in which case the timing values will therefore beimplicitly provided after normalisation). In the event of a matchbetween the inputted signature trace and the reference signature tracein the user's template file, logic 9 initiates authenticity confirmationat 10, whereas, in the event of such a match not being found, the logic9 initiates a reject indication in the reject authentication step 6.

Authenticity is verified provided that the user passes all three tests(string match, keyboard dynamics match and signature match). Below is abrief description of how the system verifies each of the tests. A simplestring match is used to ensure that the password entered is the same asthat supplied by the authentic user. From the user password input holdand latency time values and the total time are extracted. The hold timesrepresent the length of time each key is held down, and the latencytimes indicate the time from releasing of one key until pressing of thenext key, with the total time being the time taken from pressing of thefirst key until releasing of the last key. Before being fed into aneural network the hold and latency times are normalised by the totaltime, that is each hold and latency value is divided by the total timeto type the password. The input node size for the password neuralnetwork is therefore (number of hold times+number of latency times) andthe actual inputs are the normalised hold and latency times. Each of theneural networks has a single output node that should output 0 if theuser is identified as a forger and 1 if the user is authenticated.

It is feasible that different normalisation techniques could be used andmore than one neural network used (one for hold and one for latencytimes for example). The important point is that the keyboard dynamics ofthe password input is used. Also different normalisation andpre-processing steps could be applied to the signature trace.

Registration

The neural network based system functions in three distinct modes, thatis registration, training and authentication. During the registrationphase new users are required to select a user name and input a chosenpassword and signature multiple times. The gathered biometric data isprocessed to extract salient information, with techniques including theuse of a genetic algorithm. The details of the salient information usedare then stored in a template file. During the training phase a noveltechnique is used to automatically generate forged samples. These forgedsamples, together with the authentic user samples, are provided to aback-propagation neural network, which is trained and stored upon theserver. During authentication the user logs into the system via anapplet that accepts a username, password and signature. The usertemplate file, retrieved from the server, contains details of thesalient features for the authentic user, which are then extracted fromthe input biometric data and sent to the server for verification. Thedata between client and server may be communicated safely becauseinformation is not transmitted from which a signature could bereconstructed. Eavesdroppers may, therefore, intercept all transferswithout compromising system integrity.

No two signatures are identical, even when signed by the same person.The lengths of the signature trace (in terms of the number of sampledpoints), the spatial size and temporal information will all vary. Thesedifferences are exaggerated by this system because input noise caused byvariances in the provided sampling rate will distort the input signaturedata. The input signature trace therefore needs to be pre-processed toreduce the effect of these differences and to convert the trace into astandard format. Signature traces are pre-processed to normalise the arclength (signatures with disjoint segments are joined by the system toproduce a single continuous arc). Next, the total time taken to producethe trace is normalised. Finally, the traces are linearly time warped tocontain a pre-determined number of temporally equidistant points,typically 100, using the process described by L. Lee, “Neural Approachesfor Human Signature Verification”, Proc. 3rd International ConferenceDocument Analysis and Machine Intelligence (TPAMI), vol. 15, No. 9.1993, pp. 953-957.

It is possible to represent a signature using all information obtainablefrom the raw signature trace in a similar way to the keyboard dynamics'data. This is, however, undesirable because, due to the abundance ofavailable information, much of the data will not provide a significantdegree of uniqueness or consistency and the usage of such informationcould, therefore, prove to be counter-productive. Storing all of theinformation is also costly (in terms of space) and has implications forprocessing overheads when training networks and verifying signatures.Fortunately, it is possible to represent a signature by a number ofextracted features rather than using all of the raw data. To this endthe system uses an adaptation of a technique disclosed in Ozcan, E andMohan, C (1996), “Shape Recognition Using Genetic Algorithms”,Proceedings of the IEEE International Conference on EvolutionaryComputation, Nagoya (Japan) May 1996, pp. 414-420, and Ozcan, E andMohan, C (1998), “Steady State Memetic Algorithm For Partial ShapeMatching”, Proceedings of the IEEE 7th Annual Conference on EvolutionaryProgramming, March 1998, to perform partial spatial shape matching,where relative angle and distance relationships between shape(signature) points are used. Equations 1 to 3 above define theserelationships.

To use the extracted angle and distance information to characterise asignature trace a technique must be implemented to obtain both thesalient angle and distance relationships from any input signature. To dothis the technique must obtain an adequate set of points from thesignature, from which relationships are extracted. This is performedwith the intention of minimising within-class variance and maximisingbetween-class variance, where within-class variance is the degree towhich patterns belonging to the same class (user) differ andbetween-class variance is the degree to which patterns belonging todifferent classes differ.

If users are required to access the system upon an uncontrolled network,such as the Internet, then standard encryption techniques should be usedto encode data transmissions. During most data transfers the data sentcannot be used to reconstruct a user signature as the only sufficientlyunique relationships identified by the Genetic Algorithm (GA) are used.For example, only the values pertaining to the 10 angle and 10 distanceparameters need be sent and it is not possible for the whole signatureto be reconstructed from these parameters alone. The most dangerous timetherefore is when registration data is being sent to a remote serverprior to feature extraction (using the GA) and storage. This problemcould be avoided either by providing a secure location for registrationor by extracting the angle and distance parameters upon the localmachine (although this may take some time).

During registration the user must choose a username that is availableand appropriate. The user must then enter a password and signaturemultiple times so that the data may be used for the system togeneralise. FIG. 8 is a flow diagram indicating the validation andmultiple inputting of the password, and the process by which the numberof valid entries of the password is counted to arrive at a final countvalue after which the registration proceeds to the next stage. FIG. 7 isa flow diagram indicating the validation and multiple inputting of theuser's signature, and the process by which the number of valid entriesof the signature is counted to arrive at a final count value after whichthe registration proceeds to the next stage. A user template file isstored by the system containing the data gathered during theregistration process. The spatial and temporal data obtained is used totrain the neural networks for authentication purposes. Neural networksare used for authentication during the login phase.

Salient information to be used to identify a user is extracted from thedata stored in the user's template file, and training data is createdusing the salient information extracted from the user's registrationdata in order to train the neural networks.

Training

Because the biometric information used in this system is liable tochange with time (writing and typing styles change) the system must beable to adapt. This adaptation can be provided by performing periodicretraining of the entire system using data accumulated from successfullogins. Alternatively data could be presented to the trained networks ateach successful login, from which an output error is calculated. Asingle back-propagation pass is then performed, allowing gradualevolution of the networks.

Any neural network based verification system must contend with the issueof obtaining large amounts of training data needed to ensure a goodability to generalise. The authentic user may provide positive samplesat the registration phase. However there are two main problemsassociated with obtaining false password and signature data from realpeople. Firstly the authentic user's password and signature must be madeavailable to such people and secondly people willing to provide asufficient number of good quality forged samples must be found. Forthese reasons a challenge for designing the system was to determine atechnique for auto-generating a sufficient number of useful false datasamples to allow effective neural network training to take place.

The biometric data obtained from user input can be considered asresiding in a small sub-space of a much larger space. It is possible toauthenticate an individual based upon whether their input data fallswithin this profile space region, but the difficulty for any system isdetermining the appropriate size and shape of the authentic user'sprofile space. In this system the mean and standard deviation extractedfrom the data supplied at the time of registration (hold/latency timesor angle/distance relationships) are used to provide an approximatemodel of the profile space. In each plane of dimensionality the meanvalues provide the centre of the profile space whilst the radii arebased upon the standard deviation values. Other values such as the meandeviation could be used in the authentication process.

When using any verification technique it is evident that the mostdifficult forgeries to recognise are those that are very similar toauthentic samples, lying close to the authentic user's profile space.Forgeries which reside further from the profile space can more easily berejected by a verification system and therefore need fewer training setswith which the system can learn. To determine an optimal solution to theverification problem mainly false samples that lie close to the profilespace boundaries within a boundary space region are used to train thesystem, with a few outlying samples to ensure correct modelling of theproblem domain. The boundary space region is an enclosing sub-spacewhose radius is the same as the profile space radius (in each plane ofdimensionality) and is set at a distance 0.25 times the radius.

To generate meaningful false samples for neural network training valuesmust be generated that lie within the boundary space region. These falsesamples are generated using pseudo-random values for each axis, basedupon the authentic user's characteristic patterns (additional truesamples are generated within the profile space). Using this techniquedifficult forgeries are generated because they often lie outside theprofile space in only one plane of dimensionality.

To perform verification the system uses three neural networks for eachuser trained using the back-propagation algorithm as disclosed inBishop, C. “Neural Networks for Pattern Recognition”, Oxford UniversityPress, 1995. The first network uses hold and latency times to testtyping style, and the second and third networks use angle and distanceinformation to test the input signature. Separate angle and distancenetworks are preferably used because a combined network may be unable tocorrectly model the problem domain. The networks are trained using theauthentic user data input at the time of registration and automaticallygenerated false and true samples using the technique described in theprevious section.

When performing gradient descent on the networks it is possible toover-fit a problem such that the network remembers the input patternsrather than establishing an ability to generalise. The global minima ofan error surface may provide a bad solution here because the inputpatterns are remembered. In order to combat this problem the system usesa validation set during training to test for an ability to generalise.Gradient descent is performed with respect to the training set but thepreviously unseen validation set is used to test for generalisationability. To create the training, validation and testing sets theauthentic user data (and auto-generated true data) is split between thethree sets. False data is generated for each using boundary spacegeneration, with the validation and testing sets using a boundary spaceslightly closer to the profile space than the training set so thatperformance and ability to generalise is assessed based upon moredifficult samples.

FIG. 9 is a flow chart showing the required training steps. Initiallyfeatures are extracted from the keyboard dynamics of password input andfurther features are extracted from the user signature input. At 20 thecentre in each dimension of the profile space region within which usertrue samples are expected to lie is identified, and at 21 the width ineach dimension of the profile space region is identified. The region isbased upon the mean and standard deviation values of the extractedsalient data. This region could also be calculated using metrics otherthan mean and standard deviation.

At 22 the centre in each dimension of the boundary space region withinwhich user true samples are expected to lie is identified, and at 23 thewidth in each dimension of the boundary space region is identified. Theregion is based upon the mean and standard deviation values of theextracted salient data. This region could also be calculated usingmetrics other than mean and standard deviation.

At 24 and 25 false and true training samples are generated within theboundary and profile space regions respectively and added to theauthentic user data. Furthermore false samples are generated outside theboundary and profile regions at 26. This data is then used for training,validation and testing data. The proportion of each data type in each ofthe training sets may be altered (including the use of zero authenticsamples in the testing set for example). At 27 a neural network istrained using the keyboard dynamics data. In this case the hold andlatency times are used after normalisation, but the exact data usedcould be varied, i.e. hold times only or latency times only. Alsoseparate neural networks could be trained for the hold times and for thelatency times. At 28 neural networks are trained using the signaturedata. More particularly two neural networks are trained to verify angleand distance relationships within a signature. For authenticity to beconfirmed both of these networks must confirm authenticity.

FIG. 6 shows a preferred implementation of the template file 11 on theserver consisting of neural networks 12, raw data 14, the passwordstring 15 and the metadata 16. As previously indicated the neuralnetworks 12 incorporate keyboard dynamics data 30 (hold/latency times),signature angle relationship data 31 and signature distance relationshipdata 32. Furthermore the metadata 16 incorporates points 33 from whichthe angle relationships are extracted and points 34 from which thedistance relationships are extracted The dotted box indicates that theraw data 14 will only be communicated to the server during registrationand then will not be accessible. This data does not have to becommunicated at all if the user registers at a secure location or if theGA extracts feature points on the client machine and then sends only therelevant data and metadata to the server. The other boxes show the datathat may be communicated between the client and the server, although inan ideal situation only the metadata 16 needs to be sent to the clientat login. The client would then extract the appropriate features andsend these back to the server, with the result that the authenticsignature could not be reconstructed from the transmitted messages.

It is a particular advantage of such a system that it uses a hybridapproach to verification, requiring an authenticity confirmation fromboth a typing style test and a signature match. The first stage of thesystem verifies authenticity based upon typing style, with biometricinformation obtained from keyboard dynamics of the user's passwordinput. Using the password input as the source of biometric data meansthe security benefits of standard password verification are enhanced,whilst no increase is placed upon the user's cognitive load. The secondstage of the system verifies authenticity based upon an on-linesignature match that uses temporal and spatial information. Unlike othersystems which have been proposed in the past the system uses the mouseas the input device. Two existing user skills are therefore built upon;mouse use and signature writing. Although a pen-based system could bemore desirable in terms of ease-of-use, this would mean that it would nolonger be possible to access the system via the Internet using nospecialised hardware.

Furthermore, by using passwords and signatures to gather biometric data,it is possible to avoid negative social stigmas, such as may beencountered, for example, in use of fingerprint systems. In a studyconducted with 35 participants it was determined that 83% of people arehappy to provide signatures as a means of verification, and of these 97%would be happy to provide their signature for use on the Internet.

1. An authentication system for authenticating a user's signature aselectronically inputted into the system by a manual input deviceproviding an output indicative of its location with respect to time whenmanipulated by the user, the system comprising: (a) extraction means forextracting angle and distance data relating different parts of theuser's signature inputted into the system by the manual input device;(b) registration means for setting up a reference data file compiledfrom angle and distance data relating to a plurality of samples of theuser's signature inputted into the system by the user by means of themanual input device during a registration phase; (c) comparison meansfor comparing the angle and distance data extracted by the extractionmeans from the user's signature inputted into the system during anauthentication phase to reference angle and distance data held in thereference data file, according to defined verification criteria; and (d)verification means for providing an output indicative of an appropriatematch between the inputted signature to be authenticated and thereference data in dependence on the result of the comparison, therebyproviding verification of the user's signature.
 2. A system according toclaim 1, wherein the extraction means is adapted to extract datarelating to a plurality of different points of the user's signatureincluding data relating some of said points to other points in theuser's signature as inputted into the system by the manual input device.3. A system according to claim 2, wherein the extraction means isadapted to extract data relating to a plurality of different points ofthe user's signature including data relating each of a number of saidpoints to an immediately preceding point in the user's signature asinputted into the system by the manual input device.
 4. A systemaccording to claim 2 or 3, wherein the extraction means is adapted toextract data relating to a plurality of different points of the user'ssignature including data relating a last point to a first point in theuser's signature as inputted into the system by the manual input device.5. A system according to claim 1, wherein the extraction means includesangle extract means for extracting angle data concerning the relativeangular positions of a plurality of points of the user's signature.
 6. Asystem according to claim 1, wherein the extraction means includesdistance extract means for extracting distance data concerning therelative distances apart of a plurality of points of the user'ssignature.
 7. A system according to claim 1, wherein the extractionmeans includes timing extract means for extracting timing dataindicative of the relative times between execution of different parts ofthe user's signature, and the comparison means is adapted to compare theextracted timing data with reference timing data in the reference datafile.
 8. A system according to claim 1, wherein password verificationmeans is provided for verifying input of a required password, asdetermined by reference password means, by the user using a keyboardinput device.
 9. A system according to claim 8, wherein timingverification means is provided for verifying input of the password bythe user with the required timing, as determined by reference timingmeans, using the keyboard input device.
 10. A system according to claim9, wherein the timing verification means includes means for verifyingthe hold times for which the relevant keys of the keyboard input deviceare depressed during input of the password, and means for verifying thelatency times between the release of one key and the depression of thefollowing key during use of the keyboard input device to enter thepassword.
 11. A system according to claim 1, wherein user name inputmeans is provided for receiving a user name inputted into the system toidentify the identity of the user for the purposes of selection of therequired reference data file for that user.
 12. A system according toclaim 1, wherein the comparison means incorporates at least one neuralnetwork for determining the verification criteria by which a match is tobe judged.
 13. A system according to claim 1, wherein the extractionmeans is adapted to extract data relating to different features of theuser's signature selected according to the fitness of such features todiscriminate the user's signature for the purposes of verification anddetermined by a fitness function relating the relative fitness of thefeatures to their form and number.
 14. A system according to claim 13,wherein the fitness function is optimised by an optimisation algorithm,such as a genetic algorithm.
 15. A system according to claim 1, whereintraining means is provided for training the system to refine theverification criteria by which a match is to be judged on the basis ofangle and distance data relating to a plurality of samples of the user'ssignature inputted into the system by the user during the registrationphase and generated false samples.
 16. A system according to claim 1,wherein the verification means is adapted to provide a reject outputindicative of non-matching of one or more verification criteria onlyafter completion of all the verification procedures.